Année : 2018

Security researcher Max Justicz has discovered several flaws in the distribution Alpine Linux, including an arbitrary code execution.   Alpine Linux is an independent, non-commercial, general purpose Linux distribution that is heavily used in containers, including Docker. Alpine Linux is based on musl libc and busybox, it is a tiny distro and is […]

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. The EternalBlue, is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack. The malicious code was leaked online by the Shadow Brokers hacking group that stole it from the arsenal of the NSA-linked Equation Group. ETERNALBLUE targets the Server […]

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks. Researchers are warning that attackers are abusing a vulnerability in WordPress site admins’ outdated versions of a migration plugin called Duplicator – allowing them to execute remote code. Made by Snap Creek Software, all Duplicator plugins […]

A new variant of the Dharma Ransomware was released this week that appends the .brrr extension to encrypted files. This variant was first discovered by Jakub Kroustek who tweeted a link to the sample on VirusTotal.     Below I have outlined how this ransomware infects a computer, what happens when your files […]

Palo Alto Network researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash piece that is targeting both Linux and Microsoft Windows servers. Xbash was developed using Python, […]

What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is signed with a digital certificate that belongs to […]